scan on port 2770?

Discussion in 'other firewalls' started by pin, Sep 16, 2003.

Thread Status:
Not open for further replies.
  1. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    hi,

    i'm getting connection attempts on port 2770 from someone on my network, which i found out is for the Veronica service (something to do with the gopher protocol i think). anyway, has anyone seen behaviour like this? (kerio log snapshot included)
     

    Attached Files:

  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    No much information on it, and I have never seen this before. You should find out what the program is on the offending machine in your network, and go from there. It appears to be advertising itself as a service, or attempting to connect to any computer it can. A trojan/virus scan might be in order.

    If Kerio is installed on that computer you can use it to find which program is doing it, otherwise download Active Ports if you run NT on that machine.
    http://www.ntutility.com/freeware.html
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    This ports database reports veronica is listening on that port.
    Why any veronica would listen on that port, beats me.
    You can find one contact in all lists, one guy named jonas.at.gnu.org...
     
  4. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Meneer, the ip address listed in the logs is for a private range normally used for local area networks, and nobody outside the network can directly access the machine by the ip address. So your contact information is completely incorrect unless your also on the same local area network.
     
  5. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    :D sorry... I meant that a guy named Jonas at gnu.org is the registered contact for veronica in the IANA well known ports database, I'm definately not on your network :D

    I just replied because this veronica business is completely unknown to me. Makes me wonder if this port is even used by any veronica and if the IANA should not clean up this list.
     
  6. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    well i haven't gotten any recent requests, everything seems squared away; i think this person was running a malware of some sort and now it's cleaned up.

    thx for the info though~ i appreciate it
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.